
RE: SASL vs. M$ Outlook and Outlook Express

  • Tom Kovar
    Message 1 of 25, Jan 1, 2007
      I have tried it with enabling PLAIN and LOGIN, nothing changed. If I
      remove PLAIN and have only LOGIN, the Outlook client exits immediately,
      stating that the server does not offer a mechanism supported by Outlook
      - so this will not be the problem, either.

      Btw., with IMAP, Outlook sends "AUTH PLAIN" without any problem...

      --- T

      -----Original Message-----
      From: owner-postfix-users@...
      [mailto:owner-postfix-users@...] On Behalf Of Michael Wang
      Sent: Monday, January 01, 2007 2:51 PM
      To: Postfix users
      Subject: Re: SASL vs. M$ Outlook and Outlook Express


      Rene van Hoek wrote:
      > I did an telnet to your machine and that seems ok:
      >
      > Leto:/Volumes renevanhoek$ telnet mail.kovarovi.org 25
      > Trying 194.212.102.169...
      > Connected to bimbo.kovarovi.org.
      > Escape character is '^]'.
      > 220 mail.kovarovi.org ESMTP Postfix
      > EHLO test.a8.nl
      > 250-mail.kovarovi.org
      > 250-PIPELINING
      > 250-SIZE 10240000
      > 250-VRFY
      > 250-ETRN
      > 250-AUTH PLAIN
      > 250-AUTH=PLAIN
      > 250-ENHANCEDSTATUSCODES
      > 250-8BITMIME
      > 250 DSN

      I don't believe Outlook handles PLAIN, I believe it needs to be LOGIN
      (or NTLM if that's checked in the client), so try modifying your
      dovecot.conf file and add that to the mechanisms parameter.

      --
      Michael Wang
    • Tom Kovar
      Message 2 of 25, Jan 1, 2007
        As stated in my previous mail - offering LOGIN as authentication
        mechanism does not change anything on the problem. Offering both PLAIN
        and LOGIN does not change anything, offering only LOGIN leads to an
        error message by the client that the server does not offer any mechanism
        supported by Outlook Express. (After initial failure with both Outlook
        and O.Express, I continue testing only with Express now).

        So frankly I do not believe that Outlook Express really supports LOGIN
        mechanism...

        As to the TLS - I am aware that it is not quite the best way from
        security perspective, but I do implement things stepwise. After I have
        tested everything on open sockets, I will introduce SSL. For a short
        time I do not see it such an issue.

        Rgds,
        --- Tom

        -----Original Message-----
        From: owner-postfix-users@...
        [mailto:owner-postfix-users@...] On Behalf Of Tony Earnshaw
        Sent: Monday, January 01, 2007 2:52 PM
        To: Postfix users
        Subject: Re: SASL vs. M$ Outlook and Outlook Express


        Rene van Hoek wrote:


        [...]

        > I did an telnet to your machine and that seems ok:
        >
        > Leto:/Volumes renevanhoek$ telnet mail.kovarovi.org 25
        > Trying 194.212.102.169...
        > Connected to bimbo.kovarovi.org.
        > Escape character is '^]'.
        > 220 mail.kovarovi.org ESMTP Postfix
        > EHLO test.a8.nl
        > 250-mail.kovarovi.org
        > 250-PIPELINING
        > 250-SIZE 10240000
        > 250-VRFY
        > 250-ETRN
        > 250-AUTH PLAIN
        > 250-AUTH=PLAIN
        > 250-ENHANCEDSTATUSCODES
        > 250-8BITMIME
        > 250 DSN
        >
        >
        > Also according to the maillog, the client don't authenticate. So the
        > problem is as far as I can see with the configuration of the client.
        >
        > As an test, did you try for yourself to relay mail through your mta
        > with Windows and Outlook? In this way you can rule-out (or confirm) client
        > configuration mistakes.

        MS clients need AUTH LOGIN, PLAIN won't work; also it's a security
        mistake to offer AUTH PLAIN or LOGIN without first hiding them with
        smtpd_use_tls = yes and smtpd_tls_auth_only = yes.

        > Otherwise refer your client to Microsoft Support ;-)

        After OP has waited his due time and paid his due he'll get to hear the
        same from them.

        --Tonni

        --
        Tony Earnshaw
        Email: tonni at hetnet.nl
      • Rene van Hoek
        Message 3 of 25, Jan 1, 2007
          Tom Kovar wrote:
          >
          > --- T
          >
          > -----Original Message-----
          > From: owner-postfix-users@...
          > [mailto:owner-postfix-users@...] On Behalf Of Michael Wang
          > Sent: Monday, January 01, 2007 2:51 PM
          > To: Postfix users
          > Subject: Re: SASL vs. M$ Outlook and Outlook Express
          >
          >
          > Rene van Hoek wrote:
          >> I did an telnet to your machine and that seems ok:
          >>
          >> Leto:/Volumes renevanhoek$ telnet mail.kovarovi.org 25
          >> Trying 194.212.102.169...
          >> Connected to bimbo.kovarovi.org.
          >> Escape character is '^]'.
          >> 220 mail.kovarovi.org ESMTP Postfix
          >> EHLO test.a8.nl
          >> 250-mail.kovarovi.org
          >> 250-PIPELINING
          >> 250-SIZE 10240000
          >> 250-VRFY
          >> 250-ETRN
          >> 250-AUTH PLAIN
          >> 250-AUTH=PLAIN
          >> 250-ENHANCEDSTATUSCODES
          >> 250-8BITMIME
          >> 250 DSN
          >
          > I don't believe Outlook handles PLAIN, I believe it needs to be LOGIN
          > (or NTLM if that's checked in the client), so try modifying your
          > dovecot.conf file and add that to the mechanisms parameter.
          >

          > I have tried it with enabling PLAIN and LOGIN, nothing changed. If I
          > remove PLAIN and have only LOGIN, the Outlook client exits immediately,
          > stating that the server does not offer a mechanism supported by Outlook
          > - so this will not be the problem, either.
          >
          > Btw., with IMAP, Outlook sends "AUTH PLAIN" without any problem...


          We advise our customers to configure Outlook in the following way (texts
          are in Dutch, but the screenshots should be clear):

          http://support.active8.nl/index.srf?pkn=file_id&pkv=27&lang_id=360


          I have a Windows machine near me. If you can send me a test account, I
          would be happy to test if I can authenticate with your mta. I assume you
          don't have a Windows machine currently available?

          By the way, please don't top-post. It makes this thread harder to follow.

          Greetings,

          rene at active8 nl
        • mouss
          Message 4 of 25, Jan 1, 2007
            Tom Kovar wrote:
            > I have tried it with enabling PLAIN and LOGIN, nothing changed. If I
            > remove PLAIN and have only LOGIN, the Outlook client exits immediately,
            > stating that the server does not offer a mechanism supported by Outlook
            > - so this will not be the problem, either.
            >


            - enable both PLAIN and LOGIN
            - telnet to your postfix and see what it offers (forward the result here)
            - post the output of 'postconf -n'
            - try sending mail with outlook. post the corresponding logs

            > Btw., with IMAP, Outlook sends "AUTH PLAIN" without any problem...
            >

            This is unrelated. IMAP != ESMTP.
          • Tony Earnshaw
            Message 5 of 25, Jan 1, 2007
              Tom Kovar wrote:

              > I have tried it with enabling PLAIN and LOGIN, nothing changed. If I
              > remove PLAIN and have only LOGIN, the Outlook client exits immediately,
              > stating that the server does not offer a mechanism supported by Outlook
              > - so this will not be the problem, either.

              Oh yes, it is. We have MS Outlook Express and Outlook clients and they
              connect without problems. Do two things:

              1: telnet mail.barlaeus.nl 25
              ehlo mydomain.net

              See what it says.

              2: openssl s_client -starttls smtp -connect mail.barlaeus.nl:25

              See what it says.

              You need the "AUTH=LOGIN" for the MS client to recognize it. You
              therefore need broken_sasl_auth_clients = yes in main.cf.

              > Btw., with IMAP, Outlook sends "AUTH PLAIN" without any problem...

              What the bleeding heck does that have to do with the price of fish?

              --Tonni

              --
              Tony Earnshaw
              Email: tonni at hetnet.nl
            • Rene van Hoek
              Message 6 of 25, Jan 1, 2007
                Tony Earnshaw wrote:
                > Rene van Hoek wrote:
                >
                >
                > [...]
                >
                >> I did an telnet to your machine and that seems ok:
                >>
                >> Leto:/Volumes renevanhoek$ telnet mail.kovarovi.org 25
                >> Trying 194.212.102.169...
                >> Connected to bimbo.kovarovi.org.
                >> Escape character is '^]'.
                >> 220 mail.kovarovi.org ESMTP Postfix
                >> EHLO test.a8.nl
                >> 250-mail.kovarovi.org
                >> 250-PIPELINING
                >> 250-SIZE 10240000
                >> 250-VRFY
                >> 250-ETRN
                >> 250-AUTH PLAIN
                >> 250-AUTH=PLAIN
                >> 250-ENHANCEDSTATUSCODES
                >> 250-8BITMIME
                >> 250 DSN
                >>
                >>
                >> Also according to the maillog, the client don't authenticate. So the
                >> problem is as far as I can see with the configuration of the client.
                >>
                >> As an test, did you try for yourself to relay mail through your mta
                >> with Windows and Outlook? In this way you can rule-out (or confirm)
                >> client configuration mistakes.
                >
                > MS clients need AUTH LOGIN, PLAIN won't work; also it's a security
                > mistake to offer AUTH PLAIN or LOGIN without first hiding them with
                > smtpd_use_tls = yes and smtpd_tls_auth_only = yes.
                >

                I am aware that in my configuration, usernames and passwords are sent in
                clear-text. That is a security risk, I am aware.

                On the other hand, I have to deal with a lot of customers who find it
                difficult already to configure their e-mail client in the most simple form.

                I had to balance these two issues and therefore came up with this
                solution for our situation. Don't worry, we don't experience any
                security issues and we monitor our logs closely for unwanted relaying.


                >> Otherwise refer your client to Microsoft Support ;-)
                >
                > After OP has waited his due time and paid his due he'll get to hear the
                > same from them.

                I know, it was also a joke.

                >
                > --Tonni
                >

                Greetings,

                Rene at active8 nl
              • Michael Wang
                Message 7 of 25, Jan 1, 2007
                  Tom Kovar wrote:
                  > As stated in my previous mail - offering LOGIN as authentication
                  > mechanism does not change anything on the problem. Offering both PLAIN
                  > and LOGIN does not change anything, offering only LOGIN leads to an
                  > error message by the client that the server does not offer any mechanism
                  > supported by Outlook Express. (After initial failure with both Outlook
                  > and O.Express, I continue testing only with Express now).
                  >
                  > So frankly I do not believe that Outlook Express really supports LOGIN
                  > mechanism...

                  I fiddled with Outlook 2002 (don't have Express) and my Postfix setup
                  which is also running Dovecot for both IMAP and SASL and the only way I
                  was able to get the Outlook not to send the AUTH command is if I turned
                  off the "My Outgoing server (SMTP) requires authentication" check box.
                  Are these Windows machines that are trying to connect personal machines
                  or are they setup in some sort of managed environment where perhaps
                  something is overriding that setting? I don't know enough about Outlook
                  to suggest where to look for that sort of thing.

                  Oh and Outlook 2002 does handle PLAIN only (but it prefers LOGIN if both
                  are offered) so that's definitely not the issue.

                  --
                  Michael Wang
                • Magnus Bäck
                  Message 8 of 25, Jan 1, 2007
                    On Monday, January 01, 2007 at 14:32 CET,
                    Rene van Hoek <rene@...> wrote:

                    > I did an telnet to your machine and that seems ok:
                    >
                    > Leto:/Volumes renevanhoek$ telnet mail.kovarovi.org 25
                    > Trying 194.212.102.169...
                    > Connected to bimbo.kovarovi.org.
                    > Escape character is '^]'.
                    > 220 mail.kovarovi.org ESMTP Postfix
                    > EHLO test.a8.nl
                    > 250-mail.kovarovi.org
                    > 250-PIPELINING
                    > 250-SIZE 10240000
                    > 250-VRFY
                    > 250-ETRN
                    > 250-AUTH PLAIN
                    > 250-AUTH=PLAIN
                    > 250-ENHANCEDSTATUSCODES
                    > 250-8BITMIME
                    > 250 DSN

                    No, that's not okay. The Microsoft-style LOGIN mechanism is missing.
                    More recent Microsoft clients may support the PLAIN mechanism as well,
                    but since people may be running older software I'd say it's a
                    requirement to provide both PLAIN and LOGIN.

                    While the OP is fixing LOGIN, I suggest he fixes support for CRAM-MD5
                    and DIGEST-MD5 as well so that clients won't be forced to send passwords
                    in the clear.

                    [...]

                    --
                    Magnus Bäck
                    magnus@...
                  • Tom Kovar
                    Message 9 of 25, Jan 1, 2007
                      So, thank you all.
                      Problem solved, it is really the LOGIN method, that is required for SMTP
                      SASL. But the key thing is the "broken_sasl_auth_clients" story, i.e.
                      what matters is the **order** of proposed methods. The M$ clients really
                      need to see 250-AUTH=LOGIN in the message.

                      What I tried earlier was dovecot proposing methods "PLAIN" and "LOGIN".
                      This leads to the SMTP server response to client's EHLO message
                      250-AUTH=PLAIN LOGIN
                      which is not recognised by the M$ clients (without any comment or
                      message, anyway) - even if broken_sasl_auth_clients is set to yes all
                      the time. If my dovecot proposes the methods in the reversed order, i.e.
                      "LOGIN" and "PLAIN", Bill Gates seems satisfied.

                      My love towards this damned Micro$oft grows stronger and deeper. Cashing
                      big money for delivering scrap. Well well.

                      Once again, thanks for the extensive help.

                      Best regards,
                      --- Tom

                      -----Original Message-----
                      From: owner-postfix-users@...
                      [mailto:owner-postfix-users@...] On Behalf Of Tony Earnshaw
                      Sent: Monday, January 01, 2007 3:09 PM
                      To: postfix-users@...
                      Subject: Re: SASL vs. M$ Outlook and Outlook Express


                      Tom Kovar wrote:

                      > I have tried it with enabling PLAIN and LOGIN, nothing changed. If I
                      > remove PLAIN and have only LOGIN, the Outlook client exits immediately,
                      > stating that the server does not offer a mechanism supported by Outlook
                      > - so this will not be the problem, either.

                      Oh yes, it is. We have MS Outlook Express and Outlook clients and they
                      connect without problems. Do two things:

                      1: telnet mail.barlaeus.nl 25
                      ehlo mydomain.net

                      See what it says.

                      2: openssl s_client -starttls smtp -connect mail.barlaeus.nl:25

                      See what it says.

                      You need the "AUTH=LOGIN" for the MS client to recognize it. You
                      therefore need broken_sasl_auth_clients = yes in main.cf.

                      > Btw., with IMAP, Outlook sends "AUTH PLAIN" without any problem...

                      What the bleeding heck does that have to do with the price of fish?

                      --Tonni

                      --
                      Tony Earnshaw
                      Email: tonni at hetnet.nl
                    • Tom Kovar
                      Message 10 of 25, Jan 1, 2007
                        Yeah, Magnus, very much right. But not only that: LOGIN apparently has
                        to be the **FIRST** method proposed by the server - if not, M$ does
                        neither find nor recognise it.

                        Thank you very much,
                        --- Tom

                        -----Original Message-----
                        From: owner-postfix-users@...
                        [mailto:owner-postfix-users@...] On Behalf Of Magnus Bäck
                        Sent: Monday, January 01, 2007 7:00 PM
                        To: postfix-users@...
                        Subject: Re: SASL vs. M$ Outlook and Outlook Express


                        On Monday, January 01, 2007 at 14:32 CET,
                        Rene van Hoek <rene@...> wrote:

                        > I did an telnet to your machine and that seems ok:
                        >
                        > Leto:/Volumes renevanhoek$ telnet mail.kovarovi.org 25
                        > Trying 194.212.102.169...
                        > Connected to bimbo.kovarovi.org.
                        > Escape character is '^]'.
                        > 220 mail.kovarovi.org ESMTP Postfix
                        > EHLO test.a8.nl
                        > 250-mail.kovarovi.org
                        > 250-PIPELINING
                        > 250-SIZE 10240000
                        > 250-VRFY
                        > 250-ETRN
                        > 250-AUTH PLAIN
                        > 250-AUTH=PLAIN
                        > 250-ENHANCEDSTATUSCODES
                        > 250-8BITMIME
                        > 250 DSN

                        No, that's not okay. The Microsoft-style LOGIN mechanism is missing.
                        More recent Microsoft clients may support the PLAIN mechanism as well,
                        but since people may be running older software I'd say it's a
                        requirement to provide both PLAIN and LOGIN.

                        While the OP is fixing LOGIN, I suggest he fixes support for CRAM-MD5
                        and DIGEST-MD5 as well so that clients won't be forced to send passwords
                        in the clear.

                        [...]

                        --
                        Magnus Bäck
                        magnus@...
                        • Bill Landry
                          Message 12 of 25, Jan 1, 2007
                            Tom Kovar wrote the following on 1/1/2007 10:06 AM -0800:
                            > Yeah, Magnus, very much right. But not only that: LOGIN apparently has
                            > to be the **FIRST** method proposed by the server - if not, M$ does
                            > neither find nor recognise it.

                            The order presented doesn't matter. I have:

                            220 mail.inetmsg.com - INetMsg ESMTP Mail Service - UCE Not Permitted!
                            ehlo test.net
                            250-mail.inetmsg.com
                            250-PIPELINING
                            250-SIZE 10240000
                            250-ETRN
                            250-AUTH PLAIN LOGIN
                            250-AUTH=PLAIN LOGIN
                            250-ENHANCEDSTATUSCODES
                            250-8BITMIME
                            250 DSN
                            quit
                            221 2.0.0 Bye

                            and it works fine with both Outlook and Outlook Express clients.

                            Bill
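
The checks discussed in this thread, written as an added example that is not part of any poster's message: it parses an EHLO reply and reports whether cleartext mechanisms are offered outside TLS, whether LOGIN is present, and whether the legacy `AUTH=` line is present. The finding names and the two `example.test` transcripts are constructed for illustration; the other two transcripts are the ones quoted above.

```python
import re

# Mechanisms that send the password in reversible (base64) form.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Settings named in the thread, keyed by the (hypothetical) finding they address.
REMEDIES = {
    "cleartext-auth-without-tls": "main.cf: smtpd_tls_auth_only = yes",
    "no-starttls": "main.cf: smtpd_use_tls = yes",
    "login-missing": "dovecot.conf: add login to the mechanisms parameter",
    "legacy-auth-form-missing": "main.cf: broken_sasl_auth_clients = yes",
    "no-auth-advertised": "no AUTH line was offered; check the SASL setup",
}

_REPLY_LINE = re.compile(r"^250[- ](.*)$")


def parse_ehlo(transcript):
    """Return (capabilities, auth_mechs, legacy_auth_mechs) from an EHLO reply.

    Lines that are not 250 replies (telnet chatter, the 220 banner, the EHLO
    command itself) are skipped. legacy_auth_mechs is None when no "AUTH="
    line was sent at all.
    """
    replies = []
    for raw in transcript.splitlines():
        match = _REPLY_LINE.match(raw.strip())
        if match:
            replies.append(match.group(1).strip().upper())
    caps, auth, legacy = set(), [], None
    for text in replies[1:]:  # the first 250 line is the server's greeting
        if text.startswith("AUTH="):
            legacy = text[len("AUTH="):].split()
        elif text == "AUTH" or text.startswith("AUTH "):
            auth = text.split()[1:]
        elif text:
            caps.add(text.split()[0])
    return caps, auth, legacy


def audit_ehlo(transcript, tls_active):
    """Return finding names for one EHLO reply.

    tls_active says whether the reply was captured inside a TLS session
    (for example via openssl s_client -starttls smtp) or on a plain socket.
    """
    caps, auth, legacy = parse_ehlo(transcript)
    offered = set(auth) | set(legacy or [])
    if not offered:
        # No AUTH before STARTTLS is what smtpd_tls_auth_only = yes produces.
        if not tls_active and "STARTTLS" in caps:
            return []
        return ["no-auth-advertised"]
    findings = []
    if not tls_active and offered & CLEARTEXT_MECHS:
        findings.append("cleartext-auth-without-tls")
    if not tls_active and "STARTTLS" not in caps:
        findings.append("no-starttls")
    if "LOGIN" not in offered:
        findings.append("login-missing")
    if legacy is None:
        findings.append("legacy-auth-form-missing")
    return findings


# Transcript quoted in the thread (plain socket, telnet chatter included).
THREAD_FIRST = """\
Trying 194.212.102.169...
Connected to bimbo.kovarovi.org.
220 mail.kovarovi.org ESMTP Postfix
EHLO test.a8.nl
250-mail.kovarovi.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Transcript posted by Bill Landry in the message above (plain socket).
THREAD_SECOND = """\
ehlo test.net
250-mail.inetmsg.com
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed samples: a reply seen inside TLS, and one seen before STARTTLS.
CONSTRUCTED_TLS = "250-mail.example.test\n250-AUTH LOGIN PLAIN\n250 8BITMIME\n"
CONSTRUCTED_PRE_TLS = "250-mail.example.test\n250-STARTTLS\n250 8BITMIME\n"

if __name__ == "__main__":
    for name, text, tls in [("first", THREAD_FIRST, False),
                            ("second", THREAD_SECOND, False),
                            ("inside TLS", CONSTRUCTED_TLS, True),
                            ("before STARTTLS", CONSTRUCTED_PRE_TLS, False)]:
        for finding in audit_ehlo(text, tls) or ["ok"]:
            print(f"{name}: {finding}: {REMEDIES.get(finding, '')}")
```
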
                          • Tony Earnshaw
                            Message 13 of 25, Jan 1, 2007
                              Magnus Bäck wrote:

                              [...]

                              > No, that's not okay. The Microsoft-style LOGIN mechanism is missing.
                              > More recent Microsoft clients may support the PLAIN mechanism as well,
                              > but since people may be running older software I'd say it's a
                              > requirement to provide both PLAIN and LOGIN.

                              Yep

                              > While the OP is fixing LOGIN, I suggest he fixes support for CRAM-MD5
                              > and DIGEST-MD5 as well so that clients won't be forced to send passwords
                              > in the clear.

                              Sending passwords in the clear can be avoided with TLS c.q. SSL.

                              Also, unfortunately at the last count (beta < 1) Dovecot didn't support
                              CRAM-MD5 or DIGEST-MD5 - just as it didn't support many of the things
                              that are possible with Cyrus and on the IMAP level Courier
                              IMAP/maildrop. Getting CRAM-MD5 and DIGEST-MD5 to work with Postfix (at
                              least with Cyrus SASL) means using auxprop and in our case with an LDAP
                              base, ldapdb.

                              I'd be happy to learn that things on the Dovecot front have improved
                              since last April or so and that it now does support both, though without
                              LDAP-based maildrop (and the underlying authlib service) the mail
                              service that we offer at our site would be impossible.

                              --Tonni

                              --
                              Tony Earnshaw
                              Email: tonni at hetnet.nl
                            • James Turnbull
                              Message 14 of 25, Jan 1, 2007

                                Tony Earnshaw wrote:
                                > Also, unfortunately at the last count (beta < 1) Dovecot didn't support
                                > CRAM-MD5 or DIGEST-MD5 - just as it didn't support many of the things
                                > that are possible with Cyrus and on the IMAP level Courier
                                > IMAP/maildrop. Getting CRAM-MD5 and DIGEST-MD5 to work with Postfix (at
                                > least with Cyrus SASL) means using auxprop and in our case with an LDAP
                                > base, ldapdb.

                                Only the 1.0 release candidates support CRAM-MD5 and DIGEST-MD5. I can
                                say that I have been running RC15 in a couple of places as production
                                without issue. YMMV. I've also had no issues with the LDAP backend for
                                authentication - though that's not in production for us.

                                Regards

                                James Turnbull

                                --
                                James Turnbull <james@...>
                                ---
                                Author of Pro Nagios 2.0
                                (http://www.amazon.com/gp/product/1590596099/)

                                Hardening Linux
                                (http://www.amazon.com/gp/product/1590594444/)
                                ---
                                PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
                              • Robert Schetterer
                                Message 15 of 25, Jan 1, 2007
                                  Michael Wang wrote:
                                  > Tom Kovar wrote:
                                  >> As stated in my previous mail - offering LOGIN as authentication
                                  >> mechanism does not change anything on the problem. Offering both PLAIN
                                  >> and LOGIN does not change anything, offering only LOGIN leads to an
                                  >> error message by the client that the server does not offer any mechanism
                                  >> supported by Outlook Express. (After initial failure with both Outlook
                                  >> and O.Express, I continue testing only with Express now).
                                  >>
                                  >> So frankly I do not believe that Outlook Express really supports LOGIN
                                  >> mechanism...
                                  >
                                  > I fiddled with Outlook 2002 (don't have Express) and my Postfix setup
                                  > which is also running Dovecot for both IMAP and SASL and the only way I
                                  > was able to get the Outlook not to send the AUTH command is if I turned
                                  > off the "My Outgoing server (SMTP) requires authentication" check box.
                                  > Are these Windows machines that are trying to connect personal machines
                                  > or are they setup in some sort of managed environment where perhaps
                                  > something is overriding that setting? I don't know enough about Outlook
                                  > to suggest where to look for that sort of thing.
                                  >
                                  > Oh and Outlook 2002 does handle PLAIN only (but it prefers LOGIN if both
                                  > are offered) so that's definitely not the issue.
                                  >
                                  Hi,
                                  I have postfix, saslauthd, mysql, dovecot running on
                                  many servers (suse 10.1), I have no problem using
                                  outlook express, outlook, thunderbird
                                  (latest versions)
                                  whatever pop3, imap, imaps, pop3s
                                  smtp, smtps
                                  with virtual domain postfixadmin
                                  so in my eyes problems are a configure issue
                                  I configured saslauthd to ask imap dovecot with plaintext passwords
                                  (plain is not nice but needed for other stuff in my case)
                                  Regards and happy new year

                                  --
                                  This message has been scanned for viruses and other dangerous content
                                  and is - assuming up-to-date virus scanners - clean.